ROPSHELL 
ropshell> use f268ecefc18706b3f2aa69ee7319b141 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6328

ropshell> suggest
call
    > 0x18002fbee : call rax
    > 0x180004d11 : call rbx
    > 0x180090216 : call rsp
    > 0x18008c85f : call r8
    > 0x180090215 : call r12
jmp
    > 0x18003161b : jmp rax
    > 0x18007de2d : jmp rbx
    > 0x18001b877 : jmp rcx
    > 0x1800a0e5e : jmp rdx
    > 0x1800a3b5c : push rsp; add eax, edi; ret
load mem
    > 0x18006b630 : movzx eax, [rcx]; ret
    > 0x1800ff4fe : mov rax, [r10 + 0x38]; ret
    > 0x180060666 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800ff4ff : mov eax, [rdx + 0x38]; ret
    > 0x180091ea7 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180006794 : pop rax; ret
    > 0x18000137d : pop rbx; ret
    > 0x18001a853 : pop rcx; ret
    > 0x18000e822 : pop rdx; ret 9
    > 0x18000132d : pop rsi; ret
pop pop ret
    > 0x18008c548 : pop r11; ret
    > 0x18008c546 : pop r10; pop r11; ret
    > 0x180029f11 : pop r12; pop rbp; pop rbx; ret
    > 0x180031072 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180003997 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a1ff8 : add rsp, 0x10; ret
    > 0x1800a1ff8 : add rsp, 0x10; ret
    > 0x18006b10f : add rsp, 0x238; ret
    > 0x18000144b : add rsp, 0x38; ret
    > 0x18007cfaa : add rsp, 0x438; ret
stack pivoting
    > 0x180047ab9 : xchg eax, esp; ret
    > 0x1800151e3 : mov rsp, r11; pop r14; ret
    > 0x1800151e4 : mov esp, ebx; pop r14; ret
    > 0x180110b12 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x180110b13 : lea esp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009cd72 : syscall ; ret
write mem
    > 0x18007f377 : add [rbx], edi; ret
    > 0x18007788d : add [rdi], ecx; ret
    > 0x18007788c : add [r15], ecx; ret
    > 0x18007114a : add [rax + 1], edi; ret
    > 0x18006c326 : add [rbx + 0x27401f8], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact